XSS Vulnerability in Monkeytype Typing Test Application
CVE-2025-59838

2.4LOW

Key Information:

Vendor: Monkeytypegame
Status: Monkeytype
Vendor: CVE Published:; 25 September 2025

🔔 Create Monkeytypegame Vulnerability Alert

What is CVE-2025-59838?

A Cross-Site Scripting (XSS) vulnerability exists in the Monkeytype typing test application due to improper handling of user input when loading saved custom texts. This flaw could allow attackers to inject malicious scripts, potentially compromising user data and security. It affects all versions up to 25.36.0 and has been addressed in a recent update. Users are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

monkeytype < f025b121cbe437e29de432b4aa72e0de22c755b7

References

https://github.com/monkeytypegame/monkeytype/security/adv...

x_refsource_CONFIRM

https://github.com/monkeytypegame/monkeytype/commit/f025b...

x_refsource_MISC

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 22, 2025

JSON